2
votes

Edit: I might have been unclear with my question. The authorization scheme is supposed to go off a page after the login page.

I am creating an Apex application with custom authentication. I successfully made the login page and am now able to set session item values. I made an Apex application item called 'SESSION_USER_ROLE', and in my login authentication procedure I set the user role in the session state by using:

    Apex_Util.Set_Session_State('SESSION_USER_ROLE', v_role);

After logging in with one of my user accounts and checking the session application items I can confirm that the item value and item name are properly set in the application items and session state.

However, when I try to access the value of the 'SESSION_USER_ROLE' item for an authorization scheme by using a PL/SQL function returning boolean, I always seem to get 'false' even when I should be getting 'true'. This is the PL/SQL code I've been trying to use for authorization purposes:

    DECLARE
        v_role VARCHAR2(200);
        v_auth BOOLEAN;
    BEGIN
        v_role := APEX_UTIL.FETCH_APP_ITEM('SESSION_USER_ROLE');
        -- This is the value of the SESSION_USER_ROLE for this specific user
        IF v_role = 'CEO' THEN
            v_auth := TRUE;
        ELSE
            v_auth := FALSE;
        END IF;
        RETURN v_auth;
    END;

I don't understand what I'm doing wrong here. Is this not the correct way to retrieve the item value of SESSION_USER_ROLE?

1
I suspect that what may be happening is that you are setting the application item in one session (before the user is logged in) and then trying to retrieve it in a different session (once the user is logged in). Try moving the setting of the item to an application process that fires "on new session" or something like that. - Tony Andrews

That last line might be what I'm looking for. Where can I find more information about that? - D M

1 Answer

2
votes

Ensure the process that sets your application item where you refer to 'login authentication procedure' is referred to in the 'post-authentication procedure name' attribute of the current Authentication Scheme.

Alternatively, use the After Authentication computation point for application processes.

Computation point

On new instance would be too early, before the person logs in.

Add some instrumentation using apex_debug.message, and run the process in debug mode. For instance, you might like to log the value of v_role in the authentication process, and again after you fetch it in the Authorisation Scheme.

You may well be fetching it correctly, but does it have the value you expect? An alternative reference method is with bind variable syntax, :SESSION_USER_ROLE

On a side note, I've had more scalable success by defining authorisation schemes by privilege, not by business role.
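
The setup the answer describes, sketched as an added example that is not part of the original answer: a post-authentication procedure sets the item and logs it with apex_debug.message, and the authorization scheme logs what it reads back. The table APP_USERS (username, user_role) and the procedure name set_user_role are assumptions made for illustration.

```plsql
-- Added example. APP_USERS and set_user_role are hypothetical names.

-- 1) Post-authentication procedure. Enter its name in the
--    "Post-Authentication Procedure Name" attribute of the current
--    authentication scheme so it runs in the logged-in session.
create or replace procedure set_user_role
is
    v_role app_users.user_role%type;
begin
    select user_role
      into v_role
      from app_users
     where upper(username) = upper(v('APP_USER'));

    apex_util.set_session_state('SESSION_USER_ROLE', v_role);
    apex_debug.message('post-auth: user=%s role=%s', v('APP_USER'), v_role);
exception
    when no_data_found then
        -- Fail closed: a user without a role row gets no role at all.
        apex_util.set_session_state('SESSION_USER_ROLE', null);
        apex_debug.message('post-auth: no role row for user=%s', v('APP_USER'));
end set_user_role;
/

-- 2) Authorization scheme body, type "PL/SQL Function Returning Boolean".
declare
    v_role varchar2(200) := apex_util.fetch_app_item('SESSION_USER_ROLE');
begin
    -- Visible when the page runs in debug mode; compare with the
    -- post-auth line above to see whether the value survived.
    apex_debug.message('authz: SESSION_USER_ROLE=%s', v_role);
    -- An unset (null) role evaluates to false, denying access.
    return v_role is not null and v_role = 'CEO';
end;
```

If the post-auth line shows the role but the authz line shows an empty value, the item was set in a different session from the one being authorized.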